Companies at Risk from Ex-employees

Security concept: Lock on digital screen

Companies in the UK admit that former employees who have access to corporate systems and data through old passwords and access rights could be putting them at risk of a security breach. This is according to figures from the latest research by Centrify Corporation, the leader in securing identities from cyber threats.

The findings, from Centrify’s ‘State of the Corporate Perimeter’ survey of 400 UK and US IT decision makers (ITDMs), show that when it comes to the risks posed by ex-employees, almost a third (32 per cent) of UK respondents believe that it would be ‘easy’ for an employee who has left the company to log in and access systems or information with old passwords. This compares to 53 per cent of respondents in the US.

Although half (49 per cent) say ex-employees and contractors/third parties are ‘off-boarded’ the day they leave, over half also admit that it can take up to a week or more to remove access rights and passwords to sensitive data for someone no longer with the company.

The question of who has root or privileged level access to systems is also a concern. Forty per cent of UK ITDMs working for companies with 500+ employees and 50 per cent working in companies with less than 500 employees say that more than 10 per cent of staff have privileged access to data – potentially exposing confidential and highly sensitive information to both insider threats and external breaches.

“Giving employees elevated access to privileged accounts and the organisation’s most critical data, applications systems and network devices is essentially giving them the ‘keys to the kingdom’. It’s the equivalent of providing the front door key to your house – and you’d be very, very careful who you gave that to,” explains Barry Scott, CTO EMEA at Centrify.

The survey also reveals that nearly half (45 per cent in the UK compared to 55 per cent in the US) of organisations have suffered a security breach in the past. A quarter of UK respondents (26 per cent) suspect attempts have been made in the last week, while one in seven (14 per cent) say that their systems may have suffered attempted security breaches in the last hour. According to the findings, 57 per cent in the UK admit their organisation needs to do a better job of monitoring who is accessing data.

Scott adds: “The challenge is that modern enterprises have their infrastructure both on-premises and in the cloud, they have a mobile workforce and IT users may be their own employees, temporary contractors or from external companies. Privileged accounts are a very attractive target for hackers. It’s surprising that experienced IT decision makers like this are admitting that their organisations need to do a better job of monitoring who has access to their data, despite high profile incidents like Sony, JP Morgan and Target and the knowledge that breaches can potentially cost them millions of pounds.”